When copying across the certificates to enable https for httpd, I
encountered what appears to be a defect in cpio. The
certificates were copied by nfs mounting the disk system which contained
them and then using cpio to copy them to the local
location:

(cd /mnt/certs && find . -print|cpio -pd ${target_dir})

The issue was that the newer certificates were not copied over the
older versions on ${target_dir}. On other OS's (e.g. FreeBSD) this
worked. According to the cpio man page:

-u Overwrite files even when the original file being copied
is older than the one that will be overwritten.

implying that, normally, newer files should overwrite older
versions. On OpenBSD, cpio is actually implemented via
pax. An inspection of the source showed the issue, which
the following patch corrects: